Locking out Unauthorized Airport Users

[plume]

Locking Out Unauthorized AirPort Users

 

 

The more you do to protect your wireless network, the more secure it will be. We have previously taken a look at using passwords and creating a closed network to hide your Basestation from the world. You can also limit access to your Basestation by specifying exactly which computers are allowed to login.

 

Your Basestation checks the unique identifying code embedded, called the AirPort ID or MAC address, in your AirPort or other Wi-Fi card. If it doesn't match the list of approved cards, your BaseStation won't allow the computer to connect to your network.

 

Here's how to set it up:

First, you need to know the AirPort ID for each Mac that will be joining your wireless network.

 

* Choose Apple menu > System Preferences to launch System Preferences.

* Select the Network Preference Pane.

* Choose Airport from the Show pop-up menu.

* Click the Airport tab.

* Your AirPort ID is listed just above the By default, join pop-up menu.

 

 

 

 

You can find your AirPort ID in the Network Preference Pane.

 

Now you need to add the Airport IDs for each Mac to your Basestation's approved computer list.

 

* Launch Airport Admin Utility. It's in Applications/Utilities/Airport Admin Utility.

* Select your Basestation.

* Click Configure.

* Click the Access Control tab.

* Click the plus button next to the AirPort ID list.

 

 

 

Click the plus button to add computers to your approved list.

* Enter the AirPort ID and a description that makes sense to you, and then click OK.

* When you are done adding computers, click Update. After your Basestation finishes restarting, it will allow only the computers with approved AirPort IDs to login.

 

 

Adding a computer's AirPort ID.

 

This is a security measure you can enable on other wireless access points, too. If you aren't using an AirPort Basestation, check the instructions that came with your access point to see how.

 

 

 

Authorized computers appear in the AirPort ID list.

 

There is no way to bulletproof way to keep every unauthorized user from accessing your wireless network, but the more you do to protect your network, the lower the chances are of someone breaking in.

[Ouch]

It should also be mentioned that of all the wireless security options this is one of the easiest to bypass and it should not be relied upon.

The best security practice is to have your wireless ap isolated from the rest of the network and use something like 802.1x security to control access beyond the perimeter firewall. Failing that WPA security and a non-broadcast ssid is a minimum. WEP + Mac Filtering can be compromised.